I have found that the password for the web server is stored in guisettings.xml in clear text:
Code:
<services>
<webserver>true</webserver>
<webserverpassword>password</webserverpassword>
<webserverport default="true">8080</webserverport>
<webserverusername>user</webserverusername>
</services>
The profile lock codes are encrypted in profiles.xml. Is there anyway for the web server passwords to also be encrypted? Or is this a feature request?